1 files changed, 76 insertions, 9 deletions
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index afe8c7326d..72fa089f6b 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -18,6 +18,8 @@ local $zlib_opt = 0;	# 0 = no zlib, 1 = static, 2 = dynamic
 local $zlib_lib = "";
 local $perl_asm = 0;    # 1 to autobuild asm files from perl scripts
+my $ex_l_libs = "";
 # Options to import from top level Makefile
 my %mf_import = (
@@ -40,7 +42,9 @@ my %mf_import = (
        SHA1_ASM_OBJ   => \$mf_sha_asm,
        RMD160_ASM_OBJ => \$mf_rmd_asm,
        WP_ASM_OBJ     => \$mf_wp_asm,
-        CMLL_ENC       => \$mf_cm_asm
+        CMLL_ENC       => \$mf_cm_asm,
+        BASEADDR       => \$baseaddr,
+        FIPSDIR        => \$fipsdir,
 );
@@ -104,6 +108,7 @@ and [options] can be one of
        just-ssl                                - remove all non-ssl keys/digest
        no-asm                                  - No x86 asm
        no-krb5                                 - No KRB5
+        no-srp                                  - No SRP
        no-ec                                   - No EC
        no-ecdsa                                - No ECDSA
        no-ecdh                                 - No ECDH
@@ -228,6 +233,8 @@ else
        $cflags.=' -DTERMIO';
        }
+$fipsdir =~ s/\//${o}/g;
 $out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
 $tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
 $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
@@ -261,6 +268,7 @@ $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
 $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
 $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
 $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
 $cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
 $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
 $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
@@ -270,7 +278,9 @@ $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
 $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
 $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
 $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
+$cflags.=" -DOPENSSL_FIPS"    if $fips;
 $cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
+$cflags.=" -DOPENSSL_NO_EC2M"    if $no_ec2m;
 $cflags.= " -DZLIB" if $zlib_opt;
 $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
@@ -404,6 +414,11 @@ else
        \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
 EOF
        $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
+        if ($fips)
+                {
+                $build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+                $ex_l_libs .= " \$(O_FIPSCANISTER)";
+                }
        }
 $defs= <<"EOF";
@@ -465,6 +480,18 @@ MKLIB=$bin_dir$mklib
 MLFLAGS=$mlflags
 ASM=$bin_dir$asm
+# FIPS validated module and support file locations
+FIPSDIR=$fipsdir
+BASEADDR=$baseaddr
+FIPSLIB_D=\$(FIPSDIR)${o}lib
+FIPS_PREMAIN_SRC=\$(FIPSLIB_D)${o}fips_premain.c
+O_FIPSCANISTER=\$(FIPSLIB_D)${o}fipscanister.lib
+FIPS_SHA1_EXE=\$(FIPSDIR)${o}bin${o}fips_standalone_sha1${exep}
+E_PREMAIN_DSO=fips_premain_dso
+PREMAIN_DSO_EXE=\$(BIN_D)${o}fips_premain_dso$exep
+FIPSLINK=\$(PERL) \$(FIPSDIR)${o}bin${o}fipslink.pl
 ######################################################
 # You should not need to touch anything below this point
 ######################################################
@@ -497,7 +524,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
 L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
 L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
 ######################################################
 # Don't touch anything below this point
@@ -513,7 +540,7 @@ LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
 EOF
 $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe $build_targets
 banner:
 $banner
@@ -629,6 +656,16 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
 $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
 $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+# Special case rule for fips_premain_dso
+if ($fips)
+        {
+        $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+                "\$(FIPS_PREMAIN_SRC)",
+                "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)", "");
+        $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+        }
 foreach (values %lib_nam)
        {
        $lib_obj=$lib_obj{$_};
@@ -677,7 +714,28 @@ foreach (split(/\s+/,$engines))
 $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+if ($fips)
+        {
+        if ($shlib)
+                {
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                                "\$(O_CRYPTO)", "$crypto",
+                                $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+                }
+        else
+                {
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+                        "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                        "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+                }
+        }
+        else
+        {
+        $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+                                                        "\$(SO_CRYPTO)");
+        }
 foreach (split(" ",$otherlibs))
        {
@@ -687,7 +745,7 @@ foreach (split(" ",$otherlibs))
        }
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
 print $defs;
@@ -781,6 +839,8 @@ sub var_add
        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+        @a=grep(!/(srp)/,@a) if $no_srp;
        @a=grep(!/^engine$/,@a) if $no_engine;
        @a=grep(!/^hw$/,@a) if $no_hw;
        @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
@@ -939,14 +999,15 @@ sub Sasm_compile_target
 sub cc_compile_target
        {
-        local($target,$source,$ex_flags)=@_;
+        local($target,$source,$ex_flags, $srcd)=@_;
        local($ret);
        
        $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
        $target =~ s/\//$o/g if $o ne "/";
        $source =~ s/\//$o/g if $o ne "/";
-        $ret ="$target: \$(SRC_D)$o$source\n\t";
+        $srcd = "\$(SRC_D)$o" unless defined $srcd;
-        $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
+        $ret ="$target: $srcd$source\n\t";
+        $ret.="\$(CC) ${ofile}$target $ex_flags -c $srcd$source\n\n";
        return($ret);
        }
@@ -1056,8 +1117,11 @@ sub read_options
                "no-ssl2" => \$no_ssl2,
                "no-ssl3" => \$no_ssl3,
                "no-tlsext" => \$no_tlsext,
+                "no-srp" => \$no_srp,
                "no-cms" => \$no_cms,
+                "no-ec2m" => \$no_ec2m,
                "no-jpake" => \$no_jpake,
+                "no-ec_nistp_64_gcc_128" => 0,
                "no-err" => \$no_err,
                "no-sock" => \$no_sock,
                "no-krb5" => \$no_krb5,
@@ -1067,11 +1131,12 @@ sub read_options
                "no-gost" => \$no_gost,
                "no-engine" => \$no_engine,
                "no-hw" => \$no_hw,
+                "no-rsax" => 0,
                "just-ssl" =>
                        [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
                          \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
                          \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
-                          \$no_aes, \$no_camellia, \$no_seed],
+                          \$no_aes, \$no_camellia, \$no_seed, \$no_srp],
                "rsaref" => 0,
                "gcc" => \$gcc,
                "debug" => \$debug,
@@ -1079,6 +1144,7 @@ sub read_options
                "shlib" => \$shlib,
                "dll" => \$shlib,
                "shared" => 0,
+                "no-sctp" => 0,
                "no-gmp" => 0,
                "no-rfc3779" => 0,
                "no-montasm" => 0,
@@ -1086,6 +1152,7 @@ sub read_options
                "no-store" => 0,
                "no-zlib" => 0,
                "no-zlib-dynamic" => 0,
+                "fips" => \$fips
                );
        if (exists $valid_options{$_})

diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl index afe8c7326d..72fa089f6b 100644 --- a/src/lib/libcrypto/util/mk1mf.pl +++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -18,6 +18,8 @@ local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
18	local $zlib_lib = "";	18	local $zlib_lib = "";
19	local $perl_asm = 0; # 1 to autobuild asm files from perl scripts	19	local $perl_asm = 0; # 1 to autobuild asm files from perl scripts
20		20
		21	my $ex_l_libs = "";
		22
21	# Options to import from top level Makefile	23	# Options to import from top level Makefile
22		24
23	my %mf_import = (	25	my %mf_import = (
@@ -40,7 +42,9 @@ my %mf_import = (
40	SHA1_ASM_OBJ => \$mf_sha_asm,	42	SHA1_ASM_OBJ => \$mf_sha_asm,
41	RMD160_ASM_OBJ => \$mf_rmd_asm,	43	RMD160_ASM_OBJ => \$mf_rmd_asm,
42	WP_ASM_OBJ => \$mf_wp_asm,	44	WP_ASM_OBJ => \$mf_wp_asm,
43	CMLL_ENC => \$mf_cm_asm	45	CMLL_ENC => \$mf_cm_asm,
		46	BASEADDR => \$baseaddr,
		47	FIPSDIR => \$fipsdir,
44	);	48	);
45		49
46		50
@@ -104,6 +108,7 @@ and [options] can be one of
104	just-ssl - remove all non-ssl keys/digest	108	just-ssl - remove all non-ssl keys/digest
105	no-asm - No x86 asm	109	no-asm - No x86 asm
106	no-krb5 - No KRB5	110	no-krb5 - No KRB5
		111	no-srp - No SRP
107	no-ec - No EC	112	no-ec - No EC
108	no-ecdsa - No ECDSA	113	no-ecdsa - No ECDSA
109	no-ecdh - No ECDH	114	no-ecdh - No ECDH
@@ -228,6 +233,8 @@ else
228	$cflags.=' -DTERMIO';	233	$cflags.=' -DTERMIO';
229	}	234	}
230		235
		236	$fipsdir =~ s/\//${o}/g;
		237
231	$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");	238	$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
232	$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");	239	$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
233	$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;	240	$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
@@ -261,6 +268,7 @@ $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
261	$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;	268	$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
262	$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;	269	$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
263	$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;	270	$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
		271	$cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
264	$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;	272	$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
265	$cflags.=" -DOPENSSL_NO_ERR" if $no_err;	273	$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
266	$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;	274	$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
@@ -270,7 +278,9 @@ $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
270	$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;	278	$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
271	$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;	279	$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
272	$cflags.=" -DOPENSSL_NO_HW" if $no_hw;	280	$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
		281	$cflags.=" -DOPENSSL_FIPS" if $fips;
273	$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;	282	$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
		283	$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
274	$cflags.= " -DZLIB" if $zlib_opt;	284	$cflags.= " -DZLIB" if $zlib_opt;
275	$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;	285	$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
276		286
@@ -404,6 +414,11 @@ else
404	\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"	414	\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
405	EOF	415	EOF
406	$ex_libs .= " $zlib_lib" if $zlib_opt == 1;	416	$ex_libs .= " $zlib_lib" if $zlib_opt == 1;
		417	if ($fips)
		418	{
		419	$build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
		420	$ex_l_libs .= " \$(O_FIPSCANISTER)";
		421	}
407	}	422	}
408		423
409	$defs= <<"EOF";	424	$defs= <<"EOF";
@@ -465,6 +480,18 @@ MKLIB=$bin_dir$mklib
465	MLFLAGS=$mlflags	480	MLFLAGS=$mlflags
466	ASM=$bin_dir$asm	481	ASM=$bin_dir$asm
467		482
		483	# FIPS validated module and support file locations
		484
		485	FIPSDIR=$fipsdir
		486	BASEADDR=$baseaddr
		487	FIPSLIB_D=\$(FIPSDIR)${o}lib
		488	FIPS_PREMAIN_SRC=\$(FIPSLIB_D)${o}fips_premain.c
		489	O_FIPSCANISTER=\$(FIPSLIB_D)${o}fipscanister.lib
		490	FIPS_SHA1_EXE=\$(FIPSDIR)${o}bin${o}fips_standalone_sha1${exep}
		491	E_PREMAIN_DSO=fips_premain_dso
		492	PREMAIN_DSO_EXE=\$(BIN_D)${o}fips_premain_dso$exep
		493	FIPSLINK=\$(PERL) \$(FIPSDIR)${o}bin${o}fipslink.pl
		494
468	######################################################	495	######################################################
469	# You should not need to touch anything below this point	496	# You should not need to touch anything below this point
470	######################################################	497	######################################################
@@ -497,7 +524,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
497	L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp	524	L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
498	L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp	525	L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
499		526
500	L_LIBS= \$(L_SSL) \$(L_CRYPTO)	527	L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
501		528
502	######################################################	529	######################################################
503	# Don't touch anything below this point	530	# Don't touch anything below this point
@@ -513,7 +540,7 @@ LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
513	EOF	540	EOF
514		541
515	$rules=<<"EOF";	542	$rules=<<"EOF";
516	all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe	543	all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe $build_targets
517		544
518	banner:	545	banner:
519	$banner	546	$banner
@@ -629,6 +656,16 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
629	$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);	656	$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
630	$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');	657	$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
631		658
		659	# Special case rule for fips_premain_dso
		660
		661	if ($fips)
		662	{
		663	$rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
		664	"\$(FIPS_PREMAIN_SRC)",
		665	"-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)", "");
		666	$rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
		667	}
		668
632	foreach (values %lib_nam)	669	foreach (values %lib_nam)
633	{	670	{
634	$lib_obj=$lib_obj{$_};	671	$lib_obj=$lib_obj{$_};
@@ -677,7 +714,28 @@ foreach (split(/\s+/,$engines))
677		714
678		715
679	$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");	716	$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
680	$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");	717
		718	if ($fips)
		719	{
		720	if ($shlib)
		721	{
		722	$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
		723	"\$(O_CRYPTO)", "$crypto",
		724	$shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
		725	}
		726	else
		727	{
		728	$rules.= &do_lib_rule("\$(CRYPTOOBJ)",
		729	"\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
		730	$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
		731	"\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
		732	}
		733	}
		734	else
		735	{
		736	$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
		737	"\$(SO_CRYPTO)");
		738	}
681		739
682	foreach (split(" ",$otherlibs))	740	foreach (split(" ",$otherlibs))
683	{	741	{
@@ -687,7 +745,7 @@ foreach (split(" ",$otherlibs))
687		745
688	}	746	}
689		747
690	$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");	748	$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
691		749
692	print $defs;	750	print $defs;
693		751
@@ -781,6 +839,8 @@ sub var_add
781	@a=grep(!/(^sha1)\|(_sha1$)\|(m_dss1$)/,@a) if $no_sha1;	839	@a=grep(!/(^sha1)\|(_sha1$)\|(m_dss1$)/,@a) if $no_sha1;
782	@a=grep(!/_mdc2$/,@a) if $no_mdc2;	840	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
783		841
		842	@a=grep(!/(srp)/,@a) if $no_srp;
		843
784	@a=grep(!/^engine$/,@a) if $no_engine;	844	@a=grep(!/^engine$/,@a) if $no_engine;
785	@a=grep(!/^hw$/,@a) if $no_hw;	845	@a=grep(!/^hw$/,@a) if $no_hw;
786	@a=grep(!/(^rsa$)\|(^genrsa$)/,@a) if $no_rsa;	846	@a=grep(!/(^rsa$)\|(^genrsa$)/,@a) if $no_rsa;
@@ -939,14 +999,15 @@ sub Sasm_compile_target
939		999
940	sub cc_compile_target	1000	sub cc_compile_target
941	{	1001	{
942	local($target,$source,$ex_flags)=@_;	1002	local($target,$source,$ex_flags, $srcd)=@_;
943	local($ret);	1003	local($ret);
944		1004
945	$ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);	1005	$ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
946	$target =~ s/\//$o/g if $o ne "/";	1006	$target =~ s/\//$o/g if $o ne "/";
947	$source =~ s/\//$o/g if $o ne "/";	1007	$source =~ s/\//$o/g if $o ne "/";
948	$ret ="$target: \$(SRC_D)$o$source\n\t";	1008	$srcd = "\$(SRC_D)$o" unless defined $srcd;
949	$ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";	1009	$ret ="$target: $srcd$source\n\t";
		1010	$ret.="\$(CC) ${ofile}$target $ex_flags -c $srcd$source\n\n";
950	return($ret);	1011	return($ret);
951	}	1012	}
952		1013
@@ -1056,8 +1117,11 @@ sub read_options
1056	"no-ssl2" => \$no_ssl2,	1117	"no-ssl2" => \$no_ssl2,
1057	"no-ssl3" => \$no_ssl3,	1118	"no-ssl3" => \$no_ssl3,
1058	"no-tlsext" => \$no_tlsext,	1119	"no-tlsext" => \$no_tlsext,
		1120	"no-srp" => \$no_srp,
1059	"no-cms" => \$no_cms,	1121	"no-cms" => \$no_cms,
		1122	"no-ec2m" => \$no_ec2m,
1060	"no-jpake" => \$no_jpake,	1123	"no-jpake" => \$no_jpake,
		1124	"no-ec_nistp_64_gcc_128" => 0,
1061	"no-err" => \$no_err,	1125	"no-err" => \$no_err,
1062	"no-sock" => \$no_sock,	1126	"no-sock" => \$no_sock,
1063	"no-krb5" => \$no_krb5,	1127	"no-krb5" => \$no_krb5,
@@ -1067,11 +1131,12 @@ sub read_options
1067	"no-gost" => \$no_gost,	1131	"no-gost" => \$no_gost,
1068	"no-engine" => \$no_engine,	1132	"no-engine" => \$no_engine,
1069	"no-hw" => \$no_hw,	1133	"no-hw" => \$no_hw,
		1134	"no-rsax" => 0,
1070	"just-ssl" =>	1135	"just-ssl" =>
1071	[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,	1136	[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
1072	\$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,	1137	\$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
1073	\$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,	1138	\$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
1074	\$no_aes, \$no_camellia, \$no_seed],	1139	\$no_aes, \$no_camellia, \$no_seed, \$no_srp],
1075	"rsaref" => 0,	1140	"rsaref" => 0,
1076	"gcc" => \$gcc,	1141	"gcc" => \$gcc,
1077	"debug" => \$debug,	1142	"debug" => \$debug,
@@ -1079,6 +1144,7 @@ sub read_options
1079	"shlib" => \$shlib,	1144	"shlib" => \$shlib,
1080	"dll" => \$shlib,	1145	"dll" => \$shlib,
1081	"shared" => 0,	1146	"shared" => 0,
		1147	"no-sctp" => 0,
1082	"no-gmp" => 0,	1148	"no-gmp" => 0,
1083	"no-rfc3779" => 0,	1149	"no-rfc3779" => 0,
1084	"no-montasm" => 0,	1150	"no-montasm" => 0,
@@ -1086,6 +1152,7 @@ sub read_options
1086	"no-store" => 0,	1152	"no-store" => 0,
1087	"no-zlib" => 0,	1153	"no-zlib" => 0,
1088	"no-zlib-dynamic" => 0,	1154	"no-zlib-dynamic" => 0,
		1155	"fips" => \$fips
1089	);	1156	);
1090		1157
1091	if (exists $valid_options{$_})	1158	if (exists $valid_options{$_})